The Great Internet Upgrade, part 2: What the heck is netfilter?!

As I mentioned in my earlier post, I’m running OpenWRT firmware on my Linksys router. This lets the router do far more than just act as a firewall/router: things you’d normally need some pretty expensive kit for (e.g. a Linux box dedicated to the task, or some pricey Cisco hardware).

It works great, I’m happy to say. Package management is smooth and easy, and the basics of routing and firewalling are all taken care of. But there’s a few snags…

Firstly, the firewall. It all runs off iptables rules for netfilter, which is to say that I need to write some fairly hairy firewall rules by hand. Added to this, I want to use video chat, which requires about sixteen thousand ports to be open in order to work. (Okay, 22 ports, but come ON!)
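As an added example (this is not the author’s script and not code from the original post), here is the shape such an iptables script takes on an OpenWRT WRT54GL: one DNAT rule to forward each inbound port to the Mac, plus one FORWARD rule to let that traffic through. Everything specific in it is an assumption to check against your own setup: the White Russian firewall conventions of the time (local rules in /etc/firewall.user, custom chains prerouting_rule and forwarding_rule, WAN on vlan1), the Mac at 192.168.1.50, and the port list Apple documented for iChat AV (UDP 5060, 5678 and 16384–16403; TCP and UDP 5190), which you should verify against Apple’s current list.

```shell
#!/bin/sh
# Added example, not from the original post: forward the ports iChat AV needs
# to a single Mac behind a NATing OpenWrt (White Russian era) router.
#
# Assumptions (all hypothetical, adjust to your network):
#   - custom chains prerouting_rule / forwarding_rule exist (OpenWrt White Russian);
#     on a stock iptables box set NAT_CHAIN=PREROUTING FWD_CHAIN=FORWARD
#   - WAN interface is vlan1, the Mac is 192.168.1.50
#   - port list as documented by Apple for iChat AV at the time (verify it)

IPT="${IPT:-iptables}"               # set IPT=echo to dry-run: print rules instead of applying
NAT_CHAIN="${NAT_CHAIN:-prerouting_rule}"
FWD_CHAIN="${FWD_CHAIN:-forwarding_rule}"
WAN="${WAN:-vlan1}"
MAC="${MAC:-192.168.1.50}"

# proto:port or proto:first-last  (assumed iChat AV port list)
ICHAT_PORTS="udp:5060 udp:5678 udp:16384-16403 tcp:5190 udp:5190"

# ichat_rules HOST WANIF
# Emits (via $IPT) one DNAT rule and one FORWARD-accept rule per port entry.
ichat_rules() {
    host="$1"
    wan="$2"
    for entry in $ICHAT_PORTS; do
        proto="${entry%%:*}"
        port="${entry#*:}"
        # iptables writes a port range as first:last, not first-last
        case "$port" in
            *-*) range="${port%-*}:${port#*-}" ;;
            *)   range="$port" ;;
        esac
        # New inbound connections on the WAN side for this port go to the Mac
        "$IPT" -t nat -A "$NAT_CHAIN" -i "$wan" -p "$proto" --dport "$range" \
            -j DNAT --to-destination "$host"
        # ...and the forwarded packets are allowed through to it
        "$IPT" -A "$FWD_CHAIN" -i "$wan" -p "$proto" -d "$host" --dport "$range" \
            -j ACCEPT
    done
}

# Only touch the live firewall when explicitly asked: ./ichat-fw.sh apply
if [ "${1:-}" = "apply" ]; then
    ichat_rules "$MAC" "$WAN"
fi
```

Run it once with `IPT=echo sh ichat-fw.sh apply` to see the rules it would add before letting it near the real firewall. Two caveats a practitioner would want: forwarding a port range pins those ports to one machine, so only that Mac can take inbound video calls behind this router; and the rules above are deliberately limited to inbound DNAT plus the matching forward, with nothing opened on the router itself.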

Then there’s the VPN… Works great, except I can’t make a connection from work. The first PPTP connection goes, but the second one never makes it back to my Mac or PC at work. Dang! Might have to try L2TP/IPSec instead… Ugh.

Lastly, the wireless isn’t as strong as the signal from my old SBG1000 (which is running an 802.11b network in my DMZ so that the TiVo and Nintendo DS can get online; everything else is 802.11g and WPA-encrypted), so there’s a big dead spot about the size of my dining table, and the basement is now entirely devoid of wifi. So I’ve picked up a second WRT54GL, which will run OpenWRT and create a wireless distribution system so that I get wifi everywhere.

Yes, I now have the world’s most complicated home network. Kind of fun, from a geeking perspective, but from a usability perspective, I have far more equipment and far less expertise in running it! Such is the price of progress…

If anyone out there can show me how to set up my iptables script so that iChat AV works, I’ll Paypal you $5. No kidding. Lend a fella a hand!

Written on July 12, 2006